|
| 1 | +---------------- VERSION 4.6.0 -------------- |
| 2 | +- A new Message content viewer has been added to the content viewers section of |
| 3 | +the main application window to provide an examiner with tabs for looking at: |
| 4 | +message headers; content as raw text, HTML, or RTF; and attachments. |
| 5 | +- A new Communications tool has been added to the Tools menu to supply an |
| 6 | +examiner with a separate three part view consisting of: a filtered, tabular |
| 7 | +display of the various accounts (email, Facebook, Twitter, etc.) discovered by |
| 8 | +the ingest modules, a tabular view of the messages exchanged between the |
| 9 | +accounts, and a Message content viewer for the individual messages. |
| 10 | +- Hash sets may now be stored either locally or in the Central Repository. |
| 11 | +- An ingest module that uses file entropy to flag possibly encrypted files has |
| 12 | +been added as a core file-level ingest module. |
| 13 | +- The file names and organization of HTML reports have been changed to make it |
| 14 | +easier to find and open these reports outside of the application. |
| 15 | +- The version of Tika used by the application has been upgraded to version 1.17 |
| 16 | +and the amount of memory consumed by Tika has been reduced significantly by |
| 17 | +configuring it to use the new SAX parsers exclusively. |
| 18 | +- A live triage feature has been added that copies the application executable to |
| 19 | +a USB drive that can then be used for live analysis of another system. |
| 20 | +- Memory leaks and other issues revealed by fuzzing the SleuthKit have |
| 21 | +been fixed. |
| 22 | +- The number of application log files generated before log rollover is now |
| 23 | +user-configurable to enable retention of more logs to better support enterprise |
| 24 | +installations that are running auto ingest. |
| 25 | +- Preliminary build file and code changes aimed at supporting easy creation of |
| 26 | +Linux and OS-X binary distribution packages are in place. |
| 27 | +- Better typing of larger slack files has been added to the file type detection |
| 28 | +ingest module. |
| 29 | +- The maximum number of Solr connections and the maximum number of |
| 30 | +file ingest threads allowed have both been increased. |
| 31 | +- The default setting for JVM memory for 64-bit Windows installations has been |
| 32 | +increased to 4 GB, and the user can adjust the JVM memory setting via the |
| 33 | +Application options panel. |
| 34 | +- The embedded file extractor now uses Tika for new form MS Office documents, |
| 35 | +which dramatically reduces the memory required for processing Excel spreadsheets. |
| 36 | +- The amount of memory required for processing keyword hits has been reduced. |
| 37 | +- Periodic keyword search during ingest now has logic to dynamically increase |
| 38 | +the interval between searches when searches are taking longer than the |
| 39 | +user-configured periodic search interval to complete, thus preventing continuous |
| 40 | +searching. |
| 41 | +- Keyword search has been made more responsive to both search and ingest job |
| 42 | +cancellation. |
| 43 | +- The use of the terminology "known bad" has been replaced by "notable." |
| 44 | +- Tag definitions now have a "notable" property indicating that tagged content |
| 45 | +and results should be marked as notable in the Central Repository. |
| 46 | +- Users can now enter more information about cases including examiner contact |
| 47 | +info, organization info, and notes. |
| 48 | +- A new "Databases" category has been added to the Views, File Types, By |
| 49 | +Extension ree. |
| 50 | +- Examiner mode for an enterprise installation no longer requires a restart and |
| 51 | +a single dialog that lists all multi-user cases is provided; selecting a row in |
| 52 | +the dialog and beginning to type opens a search box that allows an examiner to |
| 53 | +search for cases by name, etc., and the columns in the tabular view presented by |
| 54 | +the dialog can be reordered or hidden. |
| 55 | +- An auto ingest data source processor that extracts data sources from archive |
| 56 | +files specified as data sources via auto ingest job manifests has been added. |
| 57 | +- Auto ingest job metrics are collected and can be displayed for a |
| 58 | +user-specified time period using a button on either the auto dashboard or the |
| 59 | +auto ingest control panel. |
| 60 | +- Sorting by columns has been added to both the auto ingest control panel and |
| 61 | +the auto ingest dashboard. |
| 62 | +- The row highlight color for tagged items in the Results table view has been |
| 63 | +changed for better visibility. |
| 64 | +- Assorted small enhancements and bug fixes are included. |
| 65 | + |
1 | 66 | ---------------- VERSION 4.5.0 -------------- |
2 | 67 | - Memory usage has been reduced to improve support for very large cases. |
3 | 68 | - The central repository and correlation engine introduced in version 4.4.1 have |
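Review bot: The "Databases" entry ends with "Extension ree", which looks like a typo for "Extension tree" and should be fixed before release. In the auto ingest job metrics entry, "the auto dashboard" is inconsistent with "the auto ingest dashboard" used two entries later, so use the full name in both places. The entry "Memory leaks and other issues revealed by fuzzing the SleuthKit have been fixed" is vague for a tool that parses untrusted disk images. Consider saying which file system or volume parsers were affected, or pointing to the corresponding SleuthKit release notes, so examiners can judge whether earlier versions need to be retired. The entropy-based ingest module entry would also benefit from a pointer to where the flagging threshold is documented or configured, since "possibly encrypted" results depend on it.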
|